Closed Bug 1429542 Opened 7 years ago Closed 7 years ago

Crash in mozilla::net::HttpChannelChild::Cancel

Categories

(Core :: Networking: HTTP, defect)

Unspecified
Windows 10
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla59
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- fixed
firefox59 --- fixed

People

(Reporter: marcia, Assigned: bkelly)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-b1b3aba6-d058-4a3c-97b5-05ae10180110. ============================================================= Seen while looking at nightly crash data: http://bit.ly/2CQ5EwO and seem to date back at least to 12-25 (crashes prior to 12-24 have been deleted) URLs show up, and are mostly from the same sky.com site: https://news.sky.com/video/would-a-latte-levy-reduce-waste-11196296 Top 10 frames of crashing thread: 0 xul.dll mozilla::net::HttpChannelChild::Cancel netwerk/protocol/http/HttpChannelChild.cpp:2285 1 xul.dll mozilla::net::HttpChannelChild::OverrideRunnable::Run netwerk/protocol/http/HttpChannelChild.cpp:1503 2 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1040 3 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97 4 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:301 5 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:319 6 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:299 7 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:157 8 xul.dll nsAppShell::Run widget/windows/nsAppShell.cpp:344 9 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:877 =============================================================
Pretty sure I introduced this in bug 1204254. Probably just needs a nullptr check.
Assignee: nobody → bkelly
Blocks: 1204254
Status: NEW → ASSIGNED
Andrew, given that other code does nullptr checks for mNewChannel I think its clear this code should be doing it as well. I think I introduced this in bug 1204254.
Attachment #8941557 - Flags: review?(bugmail)
Comment on attachment 8941557 [details] [diff] [review] Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth Review of attachment 8941557 [details] [diff] [review]: ----------------------------------------------------------------- Does this want to get on the uplift bandwagon?
Attachment #8941557 - Flags: review?(bugmail) → review+
Yea, I'll request uplift after the tree opens and I can push to inbound at least.
Pushed by bkelly@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1ce7be8b2a72 Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth
Comment on attachment 8941557 [details] [diff] [review] Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth Approval Request Comment [Feature/Bug causing the regression]: Bug 1204254 [User impact if declined]: Low frequency crashes [Is this code covered by automated tests?]: I don't have exact steps to reproduce, so I do not have a test that specifically triggers this. [Has the fix been verified in Nightly?]: Its been pushed to inbound, but is not in nightly yet. [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: Minimal risk [Why is the change risky/not risky?]: This patch simply adds a nullptr check. [String changes made/needed]: None
Attachment #8941557 - Flags: approval-mozilla-beta?
Comment on attachment 8941557 [details] [diff] [review] Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth A simple fix for crash. Beta58+.
Attachment #8941557 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: